In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.

Impact

By enticing a user to load a maliciously crafted PNG image, an attacker could execute arbitrary code with the rights of the user, or crash the application using the libpng library, such as the emul-linux-x86-baselibs.